From 1c62e54820ccc8b8ab3ee9965347adeeeae6047d Mon Sep 17 00:00:00 2001 From: amanvir Date: Tue, 16 Jun 2020 13:41:37 +0100 Subject: [PATCH 1/7] Add code scanning --- .github/workflows/codeql-analysis.yml | 51 +++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..eb5ad24 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,51 @@ +name: "Code scanning - action" + +on: + push: + pull_request: + schedule: + - cron: '0 19 * * 0' + +jobs: + CodeQL-Build: + + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + # Override language selection by uncommenting this and choosing your languages + # with: + # languages: go, javascript, csharp, python, cpp, java + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From c50b007574a1dc6abcb29e62c6d9692627b69096 Mon Sep 17 00:00:00 2001 From: DeepSource Bot Date: Tue, 16 Jun 2020 18:28:07 +0000 Subject: [PATCH 2/7] Add .deepsource.toml --- .deepsource.toml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .deepsource.toml diff --git a/.deepsource.toml b/.deepsource.toml new file mode 100644 index 0000000..9742654 --- /dev/null +++ b/.deepsource.toml @@ -0,0 +1,5 @@ +version = 1 + +[[analyzers]] +name = "terraform" +enabled = true From 8c475b376d806feb9fd8c40331bbd40fb41392f4 Mon Sep 17 00:00:00 2001 From: amanvir Date: Tue, 16 Jun 2020 19:29:07 +0100 Subject: [PATCH 3/7] Update scanning language --- .deepsource.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.deepsource.toml b/.deepsource.toml index 9742654..f59843c 100644 --- a/.deepsource.toml +++ b/.deepsource.toml @@ -1,5 +1,5 @@ version = 1 [[analyzers]] -name = "terraform" +name = "javascript" enabled = true From 87c77479bbc5af91ad51cac0f792d3d54ba818b9 Mon Sep 17 00:00:00 2001 From: amanvir Date: Tue, 16 Jun 2020 19:42:46 +0100 Subject: [PATCH 4/7] Remove deepsource scanning --- .deepsource.toml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .deepsource.toml diff --git a/.deepsource.toml b/.deepsource.toml deleted file mode 100644 index f59843c..0000000 --- a/.deepsource.toml +++ /dev/null @@ -1,5 +0,0 @@ -version = 1 - -[[analyzers]] -name = "javascript" -enabled = true From 70fb02cab0324a03cd1f2486f4cc5fa06184a790 Mon Sep 17 00:00:00 2001 From: amanvir Date: Tue, 16 Jun 2020 19:44:59 +0100 Subject: [PATCH 5/7] Use Github Actions --- .github/workflows/build.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..8a9b49d --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,28 @@ +# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node +# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions + +name: Node.js CI + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build: + + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [10.x, 12.x, 14.x] + + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} + - run: npm ci + - run: npm test From 5dd514514a732a8b10e7ef9a8062864ddcee95a7 Mon Sep 17 00:00:00 2001 From: amanvir Date: Tue, 16 Jun 2020 19:46:05 +0100 Subject: [PATCH 6/7] Update CI --- .github/workflows/{build.yml => test.yml} | 1 - 1 file changed, 1 deletion(-) rename .github/workflows/{build.yml => test.yml} (97%) diff --git a/.github/workflows/build.yml b/.github/workflows/test.yml similarity index 97% rename from .github/workflows/build.yml rename to .github/workflows/test.yml index 8a9b49d..f168a68 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/test.yml @@ -24,5 +24,4 @@ jobs: uses: actions/setup-node@v1 with: node-version: ${{ matrix.node-version }} - - run: npm ci - run: npm test From de5e0969cef0c8659fbea528adfc2e1749ca7a28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Sep 2020 18:02:19 +0000 Subject: [PATCH 7/7] Bump node-fetch from 1.7.3 to 2.6.1 Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 1.7.3 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](https://github.com/bitinn/node-fetch/compare/1.7.3...v2.6.1) Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 71a859d..ccb5f6d 100644 --- a/package.json +++ b/package.json @@ -33,6 +33,6 @@ "babel": "inherit" }, "dependencies": { - "node-fetch": "^1.6.3" + "node-fetch": "^2.6.1" } }